Microsoft - Emetetelecom

Microsoft New Kernel Data Protection Security Technology

Attackers, confronted by security technologies that prevent memory corruption, like Code Integrity (CI) and Control Flow Guard (CFG), are expectedly shifting their techniques towards data corruption. Attackers use data corruption techniques to target system security policy, escalate privileges, tamper with security attestation, and modify “initialize once” data structures, among others.

Kernel Data Protection (KDP) is a new technology that stops data corruption attacks by protecting parts of the Windows kernel and drivers through virtualization-based security (VBS). KDP is a set of APIs that provide the ability to mark some kernel memory as read-only, preventing attackers from ever modifying protected memory. For instance, we’ve seen attackers use signed but vulnerable drivers to attack policy data structures and install a malicious, unsigned driver. KDP mitigates such attacks by ensuring that policy data structures cannot be tampered with.

The concept of protecting kernel memory as read-only has valuable applications for the Windows kernel, inbox components, security products, and even third-party drivers like anti-cheat and digital rights management (DRM) software. On top of the important security and tamper protection applications of this technology, other benefits include:

  • Performance improvements – KDP lessens the burden on attestation components, which no longer need to periodically verify data variables that are write-protected
  • Reliability improvements – KDP makes it easier to diagnose memory corruption bugs that don’t necessarily represent security vulnerabilities
  • Providing an incentive for driver developers and vendors to enhance compatibility with virtualization-based security, improving adoption of those technologies within the ecosystem
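The write-once-then-seal idea behind these points, as an added example that is not from the original post and does not use the KDP APIs: a POSIX user-mode analogy in which `mmap`/`mprotect` stand in for the protection, and the `policy` struct and function names are hypothetical. Unlike KDP, where the post says protection comes through VBS, the process here could lift its own `mprotect`, so this shows only the fault-on-write behaviour.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical "initialize once" policy record, constructed for this example. */
struct policy { int enforce_signed_drivers; };
static struct policy *g_policy;   /* kept alone on its own page */
static size_t g_page;

/* Put the policy on a private page and write it exactly once. */
int policy_init(int enforce) {
    g_page = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, g_page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    g_policy = p;
    g_policy->enforce_signed_drivers = enforce;
    return 0;
}

/* Seal the page: from here on, any store to it raises a fault. */
int policy_seal(void) { return mprotect(g_policy, g_page, PROT_READ); }
int policy_value(void) { return g_policy->enforce_signed_drivers; }

/* Attempt the overwrite in a forked child, which inherits the mapping and its
 * protection. Returns the fatal signal, 0 if the store went through, -1 on error. */
int try_tamper(void) {
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        *(volatile int *)&g_policy->enforce_signed_drivers = 0;
        _exit(0);
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void) {
    if (policy_init(1) != 0) return 1;
    int before = try_tamper();
    if (policy_seal() != 0) return 1;
    printf("tamper before seal: signal %d, after seal: signal %d, policy=%d\n",
           before, try_tamper(), policy_value());
    return 0;
}
```

Because the stray store faults at the exact instruction that made it, the same mechanism that blocks tampering also pinpoints an accidental overwrite, which is the reliability benefit listed above.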

KDP uses technologies that are supported by default on Secured-core PCs, which implement a selected set of device requirements that apply the security best practices of isolation and minimal trust to the technologies that underpin the Windows OS. KDP enhances the protection provided by the features that make up Secured-core PCs by adding another layer of protection for sensitive system configuration data.

In this blog we’ll share technical details about how Kernel Data Protection works and how it’s implemented on Windows 10, with the goal of inspiring and empowering driver developers and vendors to take full advantage of this technology designed to tackle data corruption attacks.

7 Comments

  1. Microsoft New Kernel Data Protection Security Technology – Emete Telecom it is very useful, I also shared it on my facebook.

    Many thanks! 🙂

  2. It’s in reality a nice and useful piece of information. I’m satisfied that you just shared this useful information with us. Please keep us up to date like this. Thanks for sharing. Dolley Rodd Chaim

    1. Thanks, Dolley Rodd!
      For a helpful and motivational comment. Keeping a blog section active is a mandatory need for my service. I apologize for not doing it in a well-mannered way; thanks to people like you who still appreciate our approach. I will try my best to deliver more effectively.

  3. A good blog! I am going to bookmark a few of these .. Saree Mortimer Zahavi

    1. Thanks for the comment. Sorry for my limited knowledge of Spanish.

  4. Good luck to your blog as I continue to follow regularly. Karia Frederico Welker

    1. Thanks, Erotik!
      We will keep this updated.
